Beispiel #1
0
    def post_sync(self):
        
        # Encodes & stores the password (entered by the user)
        self.model.password =  to_md5(self.new_password.value)

        # Expires the token since it should only be used once
        self.password_token.expire()
Beispiel #2
0
 class zoe:
     # id = 7
     first_name = "Zoe"
     last_name = "Jones"
     pseudonym = "Zoe"
     email = "*****@*****.**"
     password = to_md5("secret7")
     level = 0
Beispiel #3
0
 class rolland:
     # id = 6
     first_name = "Rolland"
     last_name = "Q"
     pseudonym = "Rolex"
     email = "*****@*****.**"
     password = to_md5("secret6")
     level = 2
Beispiel #4
0
 class nico:
     # id = 5
     first_name = "Nicolas"
     last_name = "C"
     pseudonym = "Nico"
     email = "*****@*****.**"
     password = to_md5("secret5")
     level = 2
Beispiel #5
0
 class jo:
     # id = 4
     first_name = "Jonathan"
     last_name = "L"
     pseudonym = "Jo"
     email = "*****@*****.**"
     password = to_md5("secret4")
     level = 2
Beispiel #6
0
 class fx:
     # id = 3
     first_name = "Francois-Xavier"
     last_name = "C"
     pseudonym = "FX"
     email = "*****@*****.**"
     password = to_md5("secret3")
     level = 2
Beispiel #7
0
 class franck_p:
     # id = 2
     first_name = "Franck"
     last_name = "P"
     pseudonym = "Franck P"
     email = "*****@*****.**"
     password = to_md5("secret2")
     level = 3
Beispiel #8
0
 class franck_l:
     # id = 1
     first_name = "Franck"
     last_name = "L"
     pseudonym = "Franck L"
     email = "*****@*****.**"
     password = to_md5("secret1")
     level = 2
Beispiel #9
0
    def test_reset_password_POST(self):

        NEW_PASSWORD = "******"
        
        updated_user = User(
            first_name=UserData.jo.first_name,
            last_name=UserData.jo.last_name,
            pseudonym=UserData.jo.pseudonym,
            email=UserData.jo.email,
            password=to_md5(NEW_PASSWORD),
            level=UserData.jo.level
        )


        db_user = config.orm.query(User).filter(User.first_name == "Jonathan").one() #@UndefinedVariable

        updated_user_data = {
            "token" : PasswordTokenData.password_token_active.token,
            "User-4-new_password" : NEW_PASSWORD,
            "User-4-new_password_confirm" : NEW_PASSWORD
        }
    
        # Makes sure that the update fails with invalid data (1)
        invalid_user_data = copy.deepcopy(updated_user_data)
        invalid_user_data["User-4-new_password"] = ""
        response = app.request("/reset/password", method="POST", data=invalid_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_OK)
        self.assertIn("Please enter a value", response.data)
        self.assertIn("Passwords do not match", response.data)
        self.assertEqual(db_user, UserData.jo)
        self.assertNotEqual(db_user, updated_user)
        
        # Makes sure that the update fails with invalid data (2)
        invalid_user_data = copy.deepcopy(updated_user_data)
        invalid_user_data["User-4-new_password"] = "******"
        response = app.request("/reset/password", method="POST", data=invalid_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_OK)
        self.assertIn("Value must be at least 4 characters long", response.data)
        self.assertIn("Passwords do not match", response.data)
        self.assertEqual(db_user, UserData.jo)
        self.assertNotEqual(db_user, updated_user)
        
        # Makes sure that the update fails with invalid data (3)
        invalid_user_data = copy.deepcopy(updated_user_data)
        invalid_user_data["User-4-new_password"] = NEW_PASSWORD + "a"
        response = app.request("/reset/password", method="POST", data=invalid_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_OK)
        self.assertNotIn("Value must be at least 4 characters long", response.data)
        self.assertIn("Passwords do not match", response.data)
        self.assertEqual(db_user, UserData.jo)
        self.assertNotEqual(db_user, updated_user)   
            
        # Makes sure that the update works with valid data        
        response = app.request("/reset/password", method="POST", data=updated_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_SEE_OTHER)
        self.assertEqual(db_user, updated_user)
        self.assertNotEqual(db_user, UserData.jo)
Beispiel #10
0
    def test_create_account_POST(self):
        
        try:
            
            old_user_emails = [user.email for user in User.all()]
            self.assertEqual(len(old_user_emails), 7)
            
            NEW_PASSWORD = "******"
            
            expected_new_user = User(
                first_name="Dorian",
                last_name="Gray",
                pseudonym="Dorian G",
                email=UserTokenData.user_token_active.email,
                password=to_md5(NEW_PASSWORD),
                level=UserTokenData.user_token_active.level
            )
    
            new_user_data = {
                "token" : UserTokenData.user_token_active.token,
                "User--pseudonym" : expected_new_user.pseudonym,
                "User--first_name" : expected_new_user.first_name,
                "User--last_name" : expected_new_user.last_name,
                "User--new_email" : expected_new_user.email,
                "User--new_password" : NEW_PASSWORD,
                "User--new_password_confirm" : NEW_PASSWORD
            }
            
            # Makes sure that the insert fails with invalid data
            alterable_keys = [key for key in new_user_data.keys() if key != "token"]
            for key in alterable_keys:
                
                # Alters the submitted data
                invalid_user_data = copy.deepcopy(new_user_data)
                invalid_user_data[key] = ""
                
                # Makes sure the server rejects the insert
                response = app.request("/create/account", method="POST", data=invalid_user_data) #@UndefinedVariable
                self.assertEqual(response.status, HTTP_OK)
                self.assertIn("Please enter a value", response.data)
                self.assertEqual(len(User.all()), len(old_user_emails))
                self.assertRaises(NoResultFound, config.orm.query(User).filter(~User.email.in_(old_user_emails)).one) #@UndefinedVariable
            
            # Makes sure that the insert works with valid data        
            response = app.request("/create/account", method="POST", data=new_user_data) #@UndefinedVariable
            self.assertEqual(response.status, HTTP_SEE_OTHER)
            self.assertEqual(len(User.all()), 1 + len(old_user_emails))
            new_user = config.orm.query(User).filter(~User.email.in_(old_user_emails)).one() #@UndefinedVariable
            self.assertEquals(new_user, expected_new_user)

        finally:
            
            #TODO: should be done by the fixture
            new_user = config.orm.query(User).filter(~User.email.in_(old_user_emails)).one() #@UndefinedVariable
            config.orm.delete(new_user)
            config.orm.commit()
Beispiel #11
0
 def post_sync(self):
     
     # Encodes & stores the password (entered by the user)
     self.model.password =  to_md5(self.new_password.value)
     
     # Stores the level (enclosed in the token, not visible by the user)
     self.model.level = self.user_token.level
     
     # Stores the email (enclosed in the token as well, but potentially overriden by the user)
     self.model.email = self.new_email.value
     
     # Appends the user to the session
     config.orm.add(self.model)
     
     # Expires the token since it should only be used once
     self.user_token.expire()
Beispiel #12
0
    def test_update_password(self):
        
        NEW_PASSWORD = "******"
        
        updated_user = User(
            first_name=UserData.franck_l.first_name,
            last_name=UserData.franck_l.last_name,
            pseudonym=UserData.franck_l.pseudonym,
            email=UserData.franck_l.email,
            password=to_md5(NEW_PASSWORD),
            level=UserData.franck_l.level
        )


        updated_user_data = {
            "User-1-old_password" : "secret1",
            "User-1-new_password" : NEW_PASSWORD,
            "User-1-new_password_confirm" : NEW_PASSWORD
        }
        
        self.login()
        
        # Makes sure that the update fails with invalid data (1)
        invalid_user_data = copy.deepcopy(updated_user_data)
        invalid_user_data["User-1-old_password"] = ""
        response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_OK)
        self.assertIn("Please enter a value", response.data)
        self.assertNotIn("Passwords do not match", response.data)
        self.assertEqual(config.session_manager.user, UserData.franck_l)
        self.assertNotEqual(config.session_manager.user, updated_user)
        
        # Makes sure that the update fails with invalid data (2)
        invalid_user_data = copy.deepcopy(updated_user_data)
        invalid_user_data["User-1-old_password"] = "******"
        response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_OK)
        self.assertIn("Invalid value", response.data)
        self.assertNotIn("Passwords do not match", response.data)
        self.assertEqual(config.session_manager.user, UserData.franck_l)
        self.assertNotEqual(config.session_manager.user, updated_user)        

        # Makes sure that the update fails with invalid data (3)
        invalid_user_data = copy.deepcopy(updated_user_data)
        invalid_user_data["User-1-new_password"] = ""
        response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_OK)
        self.assertIn("Please enter a value", response.data)
        self.assertIn("Passwords do not match", response.data)
        self.assertEqual(config.session_manager.user, UserData.franck_l)
        self.assertNotEqual(config.session_manager.user, updated_user)
        
        # Makes sure that the update fails with invalid data (4)
        invalid_user_data = copy.deepcopy(updated_user_data)
        invalid_user_data["User-1-new_password"] = "******"
        response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_OK)
        self.assertIn("Value must be at least 4 characters long", response.data)
        self.assertIn("Passwords do not match", response.data)
        self.assertEqual(config.session_manager.user, UserData.franck_l)
        self.assertNotEqual(config.session_manager.user, updated_user)
        
        # Makes sure that the update fails with invalid data (5)
        invalid_user_data = copy.deepcopy(updated_user_data)
        invalid_user_data["User-1-new_password"] = NEW_PASSWORD + "a"
        response = app.request("/update/password", method="POST", data=invalid_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_OK)
        self.assertNotIn("Value must be at least 4 characters long", response.data)
        self.assertIn("Passwords do not match", response.data)
        self.assertEqual(config.session_manager.user, UserData.franck_l)
        self.assertNotEqual(config.session_manager.user, updated_user)   
            
        # Makes sure that the update works with valid data        
        response = app.request("/update/password", method="POST", data=updated_user_data) #@UndefinedVariable
        self.assertEqual(response.status, HTTP_SEE_OTHER)
        self.assertEqual(config.session_manager.user, updated_user)
        self.assertNotEqual(config.session_manager.user, UserData.franck_l)
Beispiel #13
0
def old_password_validator(value, field):
    
    if field.parent.model.password != to_md5(value):
        raise validators.ValidationError("Invalid value")
Beispiel #14
0
 def post_sync(self):
     
     # Encodes & stores the password (entered by the user)
     self.model.password =  to_md5(self.new_password.value)